About Packet Padding

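I recently read some articles about packet padding. The purpose of packet padding is to reduce the accuracy of traffic analysis on network packets. The countermeasures fall roughly into the following three types; a few methods of each type are introduced below.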


Type-1: SSH/TLS/IPSec-Motivated Countermeasures:

The main idea is to allow up to 255 bytes of padding.

a. Session Random 255 Padding:

A value r ∈ {0, 8, 16, ..., 248} is sampled uniformly at random and stored for the session (assuming that the underlying encryption block size is 8 bytes).

Each packet in the trace has its length field increased by r, up to a maximum of the MTU.

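Put simply, a session has only one value of r, and that value is used for padding throughout the whole session; if the result would exceed the MTU, the packet is simply padded to the MTU.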

b. Packet Random 255 Padding:

Same as Session Random 255 Padding, except that a new random padding length r is sampled for each input packet.

Each packet gets its own value of r; if the result would exceed the MTU, the packet is simply padded to the MTU.


Type-2: Other Padding-based Countermeasures:

a. Linear Padding:

All packet lengths are increased to the nearest multiple of 128, or to the MTU, whichever is smaller.

b. Exponential Padding:

All packet lengths are increased to the nearest power of 2, or to the MTU, whichever is smaller.

c. Mice-Elephants Padding:

If the packet length is < 128, then the packet is increased to 128 bytes; otherwise it is padded to the MTU.

d. Pad to MTU:

All packet lengths are increased to the MTU.

e. Packet Random MTU Padding:

Let M be the MTU and L be the input packet length. For each packet, a value r ∈ {0, 8, 16, ..., M-L} is sampled uniformly at random and the packet length is increased by r.

The result is that some packets end up padded to the MTU while others do not.
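The Type-1 and Type-2 schemes above, written out as an added example (not code from the original post or from the articles it summarizes). `evaluate` reports, for each scheme, how many distinct packet lengths remain observable and the bandwidth overhead. The MTU of 1500 bytes, the function names and the sample trace are assumptions.

```python
import random

MTU = 1500  # assumed MTU in bytes; the page does not fix a value
STEPS_255 = range(0, 256, 8)  # r in {0, 8, ..., 248}, 8-byte cipher blocks

def session_random_255(lengths, rng):
    r = rng.choice(STEPS_255)  # sampled once, reused for the whole session
    return [min(n + r, MTU) for n in lengths]

def packet_random_255(lengths, rng):
    return [min(n + rng.choice(STEPS_255), MTU) for n in lengths]  # new r per packet

def packet_random_mtu(lengths, rng):
    # r in {0, 8, ..., M-L}; the result never exceeds the MTU by construction
    return [n + rng.choice(range(0, MTU - n + 1, 8)) for n in lengths]

def linear(n):
    return min(-(-n // 128) * 128, MTU)  # next multiple of 128, capped at MTU

def exponential(n):
    return min(1 << (n - 1).bit_length(), MTU)  # next power of 2, capped at MTU

def mice_elephants(n):
    return 128 if n < 128 else MTU  # threshold as stated on the page

def pad_to_mtu(n):
    return MTU

def overhead(original, padded):
    """Extra bytes sent, as a fraction of the original trace size."""
    return sum(padded) / sum(original) - 1.0

def evaluate(lengths, seed=0):
    """Map scheme name -> (distinct observable lengths, bandwidth overhead)."""
    rng = random.Random(seed)
    padded = {
        "session_random_255": session_random_255(lengths, rng),
        "packet_random_255": packet_random_255(lengths, rng),
        "packet_random_mtu": packet_random_mtu(lengths, rng),
    }
    for f in (linear, exponential, mice_elephants, pad_to_mtu):
        padded[f.__name__] = [f(n) for n in lengths]
    return {k: (len(set(v)), overhead(lengths, v)) for k, v in padded.items()}

# Constructed packet-length trace (bytes), not captured traffic.
TRACE = [52, 52, 583, 1500, 120, 1448, 60, 300]

if __name__ == "__main__":
    for name, (distinct, cost) in evaluate(TRACE).items():
        print(f"{name:20s} distinct={distinct} overhead={cost:.1%}")
```

On this trace the deterministic schemes show the trade-off directly: Pad to MTU leaves one observable length at roughly 192% overhead, while Linear Padding leaves four lengths at roughly 10%.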


Type-3: Distribution-based Countermeasures:

a. Direct Target Sampling:

Given a pair of web pages A and B, where A is the source and B is the target, when a packet of length i is produced for web page A, we sample from the packet length distribution of B to get a new length i'. If i' > i, we pad the packet; otherwise, we send i' bytes of the original packet and continue sampling from B until all bytes of the original packet have been sent.

If the packet length sampled from the target page is larger than the original packet, the packet is padded; otherwise only a packet of the sampled length is sent.

b. Traffic Morphing:

It is similar to direct target sampling, except that instead of sampling from the target distribution directly, we use convex optimization methods to produce a morphing matrix that makes the source distribution look like the target while simultaneously minimizing the overhead.
